last person joined: 15 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass device registration (formerly MACTrac)

This thread has been viewed 36 times
  • 1.  Clearpass device registration (formerly MACTrac)

    Posted May 08, 2019 08:18 AM



    I am looking for documentation on "Clearpass device registration" . I am working with a University who have a requirement that students/staff can authenticate non 802.1x devices (game consoles, chrome casts etc..) onto eduroam. I understand we can set up a self service portal where students can register these devices themselves but struggling to find user guides on it. I have seen the below document referenced on Airheads but the link no longer works.



    thanks in advance

  • 2.  RE: Clearpass device registration (formerly MACTrac)

    Posted Jul 02, 2019 03:11 AM

    That referenced document was outdated. The basic steps to set up (self) device registration are:

    - Allow users to log in to the Guest portal with the Device Registration Operator Profile. See this video how to configure that.

    - If needed change or create your own Device Registration Operator Profile. Some useful information here.

    - Use the Guest Device Repository as MACAuth authentication source or authorization source of other authentication types.

    - If you create an external captive portal redirect for unknown/unregistered devices, the MAC address will be automatically filled, which is useful for devices that have a browser as you can register those from the device itself.

    - For other devices, your users can go to https://your.clear.pass/guest (replace your.clear.pass with the hostname of your ClearPass) and register headless devices and manage existing devices.


    Does this provide enough guidance?

  • 3.  RE: Clearpass device registration (formerly MACTrac)

    Posted May 06, 2020 11:53 AM

    Hi Herman,


    To add on to the original question. Is it possible to change the Guest Role ID depending on an AD profile? Looking to automate the process of placing end-user registered devices on different networks depending on their endpoint attributes.


    Ideally, a user would log into the guest portal using AD credentials and get an Operator Profile. When they create a guest device it would get a specific endpoint ID (based on their AD attributes) that my mac-auth could use to choose the network it gets. Would I need a different Operator profile for each AD group or is there a way to simplify that?


    More specifically, is there a list of attributes that I could pass to clearpass guest besides just "admin_privileges" that could autofill a form?


    P.S. You're a legend. Thanks a ton for the Cleapass Workshop Series. I've learned a ton from it!

  • 4.  RE: Clearpass device registration (formerly MACTrac)

    Posted Aug 04, 2020 12:50 PM

    Interested in this as well.  Working for a College.  I am struggling to set the CPG mac cached devices expiration.  We are also using Guest Role ID to identify student vs. staff, and I am wondering how I could pass attributes from CPPM to CPG and vice versa.  Thanks all!